base/protocols/sip/main.bro

SIP

Implements base functionality for SIP analysis. The logging model is to log request/response pairs and all relevant metadata together in a single record.

Namespace:SIP
Imports:base/utils/files.bro, base/utils/numbers.bro
Source File:/scripts/base/protocols/sip/main.bro

Summary

Options

SIP::sip_methods: set &redef A list of SIP methods.

Types

SIP::Info: record The record type which contains the fields of the SIP log.
SIP::State: record  

Events

SIP::log_sip: event Event that can be handled to access the SIP record as it is sent on to the logging framework.

Detailed Interface

Options

SIP::sip_methods
Type:set [string]
Attributes:&redef
Default:
{
   "ACK",
   "SUBSCRIBE",
   "NOTIFY",
   "BYE",
   "INVITE",
   "OPTIONS",
   "REGISTER",
   "CANCEL"
}

A list of SIP methods. Other methods will generate a weird. Note that the SIP analyzer will only accept methods consisting solely of letters [A-Za-z].

Types

SIP::Info
Type:

record

ts: time &log

Timestamp for when the request happened.

uid: string &log

Unique ID for the connection.

id: conn_id &log

The connection’s 4-tuple of endpoint addresses/ports.

trans_depth: count &log

Represents the pipelined depth into the connection of this request/response transaction.

method: string &log &optional

Verb used in the SIP request (INVITE, REGISTER etc.).

uri: string &log &optional

URI used in the request.

date: string &log &optional

Contents of the Date: header from the client

request_from: string &log &optional

Contents of the request From: header Note: The tag= value that’s usually appended to the sender is stripped off and not logged.

request_to: string &log &optional

Contents of the To: header

response_from: string &log &optional

Contents of the response From: header Note: The tag= value that’s usually appended to the sender is stripped off and not logged.

response_to: string &log &optional

Contents of the response To: header

reply_to: string &log &optional

Contents of the Reply-To: header

call_id: string &log &optional

Contents of the Call-ID: header from the client

seq: string &log &optional

Contents of the CSeq: header from the client

subject: string &log &optional

Contents of the Subject: header from the client

request_path: vector of string &log &optional

The client message transmission path, as extracted from the headers.

response_path: vector of string &log &optional

The server message transmission path, as extracted from the headers.

user_agent: string &log &optional

Contents of the User-Agent: header from the client

status_code: count &log &optional

Status code returned by the server.

status_msg: string &log &optional

Status message returned by the server.

warning: string &log &optional

Contents of the Warning: header

request_body_len: count &log &optional

Contents of the Content-Length: header from the client

response_body_len: count &log &optional

Contents of the Content-Length: header from the server

content_type: string &log &optional

Contents of the Content-Type: header from the server

The record type which contains the fields of the SIP log.

SIP::State
Type:

record

pending: table [count] of SIP::Info

Pending requests.

current_request: count &default = 0 &optional

Current request in the pending queue.

current_response: count &default = 0 &optional

Current response in the pending queue.

Events

SIP::log_sip
Type:event (rec: SIP::Info)

Event that can be handled to access the SIP record as it is sent on to the logging framework.

Copyright 2016, The Bro Project. Last updated on December 07, 2018. Created using Sphinx 1.8.2.